Microsoft ISAPI W3Who Library Buffer Overflow (CVE-2004-1134)

The W3Who dynamically linked library DLL, when used in the context of an IIS HTTP server, provides various information about the current HTTP client, as well as the current running environment. It is included with the Internet Services Application Programming Interface ISAPI and is meant to be us...

iis_w3who_overflow.pm

This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artistic. The latest version of the...

CVE-2004-1134

Buffer overflow in the Microsoft W3Who ISAPI w3who.dll allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long query string...

CVE-2004-1133

Multiple cross-site scripting XSS vulnerabilities in Microsoft W3Who ISAPI w3who.dll allow remote attackers to inject arbitrary HTML and web script via 1 HTTP headers such as "Connection" or 2 invalid parameters whose values are echoed in the resulting error message...

CVE-2004-1134

Buffer overflow in the Microsoft W3Who ISAPI w3who.dll allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long query string...

CVE-2004-1134

CVE-2004-1134 covers a stack/ buffer overflow in the Microsoft IIS ISAPI w3who.dll (W3Who) triggered by long query strings. The root cause is lack of input sanitization for CGI variables, enabling remote attackers to cause denial of service and potentially execute arbitrary code with IIS privileg...

CVE-2004-1133

Multiple cross-site scripting XSS vulnerabilities in Microsoft W3Who ISAPI w3who.dll allow remote attackers to inject arbitrary HTML and web script via 1 HTTP headers such as "Connection" or 2 invalid parameters whose values are echoed in the resulting error message...

CVE-2004-1133

CVE-2004-1133 describes multiple remote vulnerabilities in Microsoft W3Who ISAPI (w3who.dll): two XSS flaws and a buffer overflow. OpenVAS/Nessus details indicate the w3who.dll ISAPI may allow an attacker to execute arbitrary commands on affected Windows hosts via a buffer overflow, or mount XSS ...

[Full-Disclosure] Multiple vulnerabilities in w3who ISAPI DLL

Exaprobe www.exaprobe.com Security Advisory Advisory Name: Multiple vulnerabilities in w3who Release Date: 6 December 2004 Application: Microsoft ISAPI extension w3who.dll Platform: Windows 2000/XP Resource Kit Severity: Remote code execution Author: Nicolas Gregoire [email protected] Vendor...

Microsoft W3Who ISAPI w3who.dll Multiple Remote Vulnerabilities

The Windows 2000 Resource Kit ships with a DLL that displays the browser client context. It lists security identifiers, privileges and $ENV variables. Nessus has determined that this file is installed on the remote host. The w3who.dll ISAPI may allow an attacker to execute arbitrary commands on...